| | | | | | | | |
|
|
|
You're here: Home |
Hi Randy,
You are quite right - the paragraph, and indeed the entire the
proposal, requires a lot of thought.
When I was drafting the proposal I focused on the aspects of
improving the overall processes for all members such that we
see improvements in:
o the speed of updates
o the value of feedback (success/failure)
o reducing the reliance on intermediate systems and processes
(such as SMTP and its behaviours)
o reducing the prerequisite knowledge needed to use the
APNIC registry
and of course
o meeting the security needs of a registry function
One of my concerns was that adding security features to email to
match the necessary security levels might actually add layers of
complexity for the registrant.
When I wrote that paragraph I had two things in mind,
"how much work would any member need to do to send an update to
APNIC?" and "what level of infrastructure would be required to
adequately support that service?".
The scenarios I worked through suggested conclusions where APNIC
could be at risk of adding to the members' work effort and possibly
increasing APNIC's support costs by implementing such security
mechanisms in email.
Cheers
Terry
On 07/08/2006, at 6:16 PM, Randy Bush wrote:
The mechanisms for securing the contents of an email and validatingthe identity of the author of the update are weak by modernstandards. Although there are ways of improving the use of email forsecure transactions, these are not considered sufficiently scaleable.i believe this paragraph needs considerable justification before this proposal can be justified, particularly as it proposes to make things significantly more difficult for the smallest and most poorly connected registrants, who would otherwise seem, at leat to me, to be deserving of our going the extra kilometer to support.
-- Terry Manderson email: terry@apnic.net Snr Systems & Network Architect, APNIC sip: info@voip.apnic.net http://www.apnic.net phone: +61 7 3858 3100